SSL Certificates and Shared Hosting – The How and Why

In October 2016 at the CA/Browser Forum in Redmond, Washington, Google software engineer Ryan Sleevi announced Google’s move to make Certificate Transparency mandatory for Chrome web browsing.

What’s the big deal about HTTPS and Digital Certificates?

The Certificate Transparency is an open source framework by Google that monitors and audits domain certificates. How? If you’ve recently surfed the Internet on your Chrome browser, you’ve probably noticed an indicator next to a domain name. An indicator which looks like one of the following:

The symbol indicates if a website is safe to visit. Here is the explanation for each:

Secure: The information you send to the site will be private.

Info: The site isn’t using a private connection. Someone might be able to see the information you send through this site. Google suggests you don’t enter sensitive details, like passwords or credit cards.

Not Secure or Dangerous: Google suggests you don’t enter any private or personal information on this page. If avoidable, don’t use this site.

Why does this happen?

HTTP is HyperText Transfer Protocol and the ‘S’ at the end of HTTPS stands for SSL (Secure Socket Layer). This digital certificate, if installed, activates a padlock and the HTTPS protocol which allows a secure connection from a web server to a browser. Without a digital certificate or a ‘HTTPS’ connection, Chrome will label the website as ‘Not Secure’.

Since January 2017, Chrome has already begun flagging websites as ‘Not secure’ and by October 2017, all websites will be required to adopt the Certificate Transparency standard.

What does an SSL certificate do?

An SSL certificate is a bit of code that secures sensitive information across different networks around the world. Even if your website does not request information like credit card details, SSL is still critical to your website.

Information is passed from computer to computer to get to the destination server. An computer within this network (between your computer and the destination server) will have access to passwords, account details, personal information etc. An SSL certificate encrypts that information so it is only read by the destination server.

What is encryption?

Encryption is a mathematical process of converting some data or information into a code with the intent to prevent unauthorised access.

A number of bits builds the size of the key. The bits can be 40-bit, 56-bit or 256-bit. Think of it as the combination number lock you’d use to secure your travel suitcase. A regular number lock has about 3 columns but imagine how much more secure it would be if it had say, 5 columns of numbers. Similarly with bits – the larger the key, the more possible the combination. A 128-bit encryption is one trillion times stronger than 40-bit encryption.

With dashboards like cPanel and Plesk, digital certificates have a simple easy-to-install process. With other dashboards that do not come with certificate/ SSL Managers, you can contact your hosting provider and request him to install it for you.

The process mentioned above outlines the general structure. To know exact details, you can always speak to your hosting and certificate provider(s). We also have a video tutorial to help you set up a digital certificate here:

If you have other hosting packages, installing digital certificates are even simpler. Here’s more.

Conclusion

Certificates on a WordPress site can also be done on top of a hosting package – be it Shared, Cloud or VPS by following the same procedure.

A digital certification is a must to keep your website secure. It’s the standard security technology for an encrypted link between a server and a browser.